Hi Martin,

Thanks for the guidance. Ultimately I determined that this was an AppArmor
issue restricting access to /var/lib/libvirt/images and /var/lib/libvirt/qemu.
I was able to add access to these directories in
/etc/apparmor.d/local/abstractions/libvirt-qemu and then successfully start a
VM (no longer getting the "access denied" message).

Thanks,

Andrew



From: Martin Kletzander
Sent: Wednesday, November 20, 2024 8:31 AM
To: Andrew Martin
Cc: users@lists.libvirt.org
Subject: Re: Set permissions and ownership of disk image created by vol-upload

On Tue, Nov 19, 2024 at 07:01:39PM +0000, Andrew Martin wrote:
>Hello,
>
>I am using libvirt 8.0 on Ubuntu 22.04 and would like to utilize the vol-upload
>command to upload a disk image:
>https://www.libvirt.org/manpages/virsh.html#vol-upload
>
>I am using the "directory" storage pool type:
>https://libvirt.org/storage.html#directory-pool
>
>However, when uploading the disk image, it gets written with octal permissions
>0600 and owner root:root. Ideally I'd like this file to be owned by
>libvirt-qemu:libvirt-qemu with permissions 0660 so that the group can read it.
>
>I've tried the following, none of which seem to alter the owner or permissions:
>
>- change the umask in the libvirtd systemd unit
>- edit the user, group, and dynamic_ownership settings in /etc/libvirt/qemu.conf
>- run "virsh pool-edit default" and change the <mode>, <owner>, or <group> tags
>
>How can I configure libvirtd to create these uploaded files with the desired
>permissions and ownership?
>

Use virsh vol-create <pool> <volume.xml> where the volume xml looks
something like this (adjust to your liking):

<volume>
   <name>perms.img</name>
   <capacity unit='M'>100</capacity>
   <target>
     <path>/var/lib/libvirt/images/perms.img</path>
     <format type='raw'/>
     <permissions>
       <mode>0755</mode>
       <owner>77</owner>
       <group>77</group>
     </permissions>
   </target>
</volume>

And then use virsh vol-upload to populate the volume with what you want.

That ought to be enough.

HTH,
Martin

>Thanks,
>
>Andrew
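
Martin's two-step procedure (vol-create with explicit <permissions>, then vol-upload), scripted together with a check of the resulting file's mode and ownership. This is an added example, not part of the original thread. It assumes Linux with GNU stat, a directory pool at /var/lib/libvirt/images, and the libvirt-qemu user and group named in the question; the function and variable names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: Linux with GNU stat, a
# directory pool at /var/lib/libvirt/images, and a libvirt-qemu user and
# group as in the original question.
POOL_DIR=${POOL_DIR:-/var/lib/libvirt/images}
SVC_USER=${SVC_USER:-libvirt-qemu}; SVC_GROUP=${SVC_GROUP:-libvirt-qemu}
MODE=${MODE:-0660}

# Emit volume XML; libvirt expects numeric uid/gid in <owner>/<group>.
volume_xml() {  # name size-bytes path mode uid gid
  cat <<EOF
<volume>
  <name>$1</name>
  <capacity unit='B'>$2</capacity>
  <target>
    <path>$3</path>
    <format type='raw'/>
    <permissions>
      <mode>$4</mode>
      <owner>$5</owner>
      <group>$6</group>
    </permissions>
  </target>
</volume>
EOF
}

# Return 0 only if the file's mode, uid and gid match what was requested.
check_perms() {  # path mode uid gid
  cp_have=$(stat -c '%a %u %g' "$1") || return 2
  cp_want="${2#0} $3 $4"
  if [ "$cp_have" = "$cp_want" ]; then return 0; fi
  echo "MISMATCH $1: have '$cp_have', want '$cp_want'" >&2
  return 1
}

# Create the volume with explicit permissions, upload into it, then verify.
create_and_upload() {  # pool volume-name source-image
  cu_uid=$(id -u "$SVC_USER") || return 1
  cu_gid=$(getent group "$SVC_GROUP" | cut -d: -f3)
  [ -n "$cu_gid" ] || return 1
  cu_xml=$(mktemp) || return 1
  volume_xml "$2" "$(stat -c %s "$3")" "$POOL_DIR/$2" "$MODE" "$cu_uid" "$cu_gid" >"$cu_xml"
  virsh vol-create "$1" "$cu_xml" && virsh vol-upload --pool "$1" "$2" "$3"
  cu_rc=$?; rm -f "$cu_xml"
  [ "$cu_rc" -eq 0 ] && check_perms "$POOL_DIR/$2" "$MODE" "$cu_uid" "$cu_gid"
}

# Runs only when called as: script <pool> <volume-name> <source-image>
if [ "$#" -eq 3 ]; then create_and_upload "$@"; fi
```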